deps(actions): bump github/codeql-action from 3 to 4#1
Open
dependabot[bot] wants to merge 1 commit into
Open
Conversation
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3...v4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
physercoe
pushed a commit
that referenced
this pull request
May 23, 2026
…, turn.result (v1.0.657-alpha) ADR-027 W11 fix-up wedge #1 (mirror of the agy v1.0.643–.652 arc). Five-bug pattern surfaced from on-host smoke of claude-code M4 — same class as agy hit, hidden since v1.0.592 because most claude-code spawns run M2 stream-json. Fixes (one wedge): 1. host-runner spawn cwd ≠ yaml workdir — prepend `cd <workdir> &&` to spec.Backend.Cmd before LaunchCmd. Mirrors M1/M2/agy-M4. Without this, claude lands in host-runner's cwd and writes its session JSONL where the adapter's pathresolver never looks → tail wait stalls → "M4 LocalLogTail launch failed". 2. PaneDriver fall-through silently degrades the spawn — drop it. On launchM4LocalLogTail error: lifecycle:failed + PatchAgent failed + return. Identical to the antigravity arm. PaneDriver scrapes raw tmux bytes, bypasses the permission-prompt + hook surface, and spawns a second pane with wrong cwd — same nonsense agy hit at v1.0.643. 3. "Do you trust this folder?" welcome-screen dialog — new preTrustWorkspaceClaudeCode(workdir) writes ~/.claude.json projects.<workdir>.hasTrustDialogAccepted + hasCompletedProjectOnboarding to true. Idempotent (re-spawn no-op when both flags set, mtime preserved); preserves all other top-level keys + other project entries (the user's interactive claude config lives in same file). Mirror of agy's preTrustWorkspaceAntigravity at v1.0.644. 4. Cancel-on-send overlay never drops — hookStop now ALSO emits turn.result{reason:end_of_turn, status:success} alongside the existing system{turn_complete}. Mobile _isAgentBusy() in agent_feed.dart skips `system` frames (telemetry grab-bag) and only flips to idle on turn.result / completion / session.init / certain lifecycle phases. Stop is the engine-level end-of-turn signal; M4 was the holdout. Mirror of agy v1.0.647. 5. Silent gap: persona never lands. writeContextFiles(workdir, spec.ContextFiles) call was missing from launch_m4_locallogtail.go since v1.0.592. M1/M2/agy-M4 all do it. Without it, claude-code stewards spawn persona-less and the first turn is bare-claude against an empty principal envelope. Mirror of agy v1.0.652. Tests: - TestLaunchM4LocalLogTail_PrefixesCmdWithCdWorkdir - TestLaunchM4LocalLogTail_WritesContextFiles - TestPreTrustWorkspaceClaudeCode_FreshFile / _PreservesOtherKeys / _AlreadyTrusted_NoMutation - TestOnHook_StopEmitsTurnResultForBusyWalker Not in scope (different mechanism, separate follow-up): - claude_code/sendkeys.go:84-99 multi-line slicing — splits a multi-line body on \n + Enter between every line, submitting each line as a separate turn. Same family as agy's paste-buffer LF→CR but different fix (no paste-buffer involved). Deferred. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
physercoe
pushed a commit
that referenced
this pull request
May 29, 2026
… LOC) Doc was stamped v1.0.312; the refactor never started and files grew. Refresh measures the drift, re-ranks the wedges, adds R0 (CI LOC tripwire, promoted from the deferred open-question that let the drift go unnoticed), R2A (agent_feed split, full 37-class cleavage), and R5 (Go hub companion plan). Set Freshness: rolling so CI warns on future drift (discussion default snapshot skips the check). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps github/codeql-action from 3 to 4.
Release notes
Sourced from github/codeql-action's releases.
... (truncated)
Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
43d8420Do not run Swift in debug artifacts after failure check76a687eMerge pull request #3804 from github/dependabot/npm_and_yarn/npm-minor-e84c60...751f3e2Bump eslint-plugin-jsdoc from 62.8.1 to 62.9.0 in the npm-minor group808513fUpdate language aliases teste452857Throw error early rather than warningb623f5fMerge pull request #3799 from github/mario-campos/test-multiple-registriesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)